Having Small Issue

[tech-chef]

This is my problem: I posted this in answers.yahoo.com and did not get any answers so i copied and pasted it here. Please help me

I use the registry cleaner CyberDefneder. I been using it almost 1 year now with no issues. Then all of a sudden, A Windows Update went in, and it got stuck on the Shutting Down screen. It was there for a good 2 hours so i unplugged my computer and started it up again. I ran it in safemode to start and ran both AVG and Malware-Bytes to see if anything was wrong. And Nothing Came up (except some low threat cookies) Now when I Run CyberDefender it gets stuck on HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shel… the computer freezes up where i can not do ANYTHING. I ran hijackthis and analyzed it with nothing coming up wrong. MY computer still goes slower then usual. What am i missing?

Additional Details
also I know its HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shel… cause it stops on that and when I uncheck it from the fix list, the computer does not freeze up. its only that one that freezes it up.

 

[deanj20]

"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shel…" doesn't tell me much - can you give us the full entry?

Also, hit Ctrl+Alt+Del and tell us all of the processes which are using more than 10,000K

 

[johnb35]

Can you also post the hijackthis log?

 

[tech-chef]

First the whole file name via CyberDefender
hkey_local_machine\software\classes\http\shell
under it it says
"The key shell under hkey_local_machine\software\classes\http is empty"

Second all processes using over 10,000K
firefox.exe
msnmsgr.exe
wlcomm.exe
mbamservice.exe
avg.exe also jumps up there but then goes back down in a few seconds.

Third the requested Hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:02 PM, on 4/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\CyberDefender\Registry Cleaner\CDregclean.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://hrinfo.rednersmarkets.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CyberDefender Registry Cleaner] C:\Program Files\CyberDefender\Registry Cleaner\CDregclean.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to AMV/AVI Video Converter... - C:\Program Files\Media Player Utilities 4.25\AMVConverter\grab.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1032858732780
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257548080859
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: PabasidiKbd - {A759BF6C-4FB4-4DC3-8400-AFA4093B597B} - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 7211 bytes

I am a computer geek and can usually repair them for myself but this has me stumped cause malwarebytes avg or hijack this usually picks the stuff up. its not picking anything up!

 

[deanj20]

Looks clean to me.

A quick search on "hkey_local_machine\software\classes\http\shell" reveals that it is related to your browser - I didn't dig much further than that.

I suggest that you uninstall Firefox and all other browsers you have besides IE. Then, after you've uninstalled them, download and run CCleaner, and scan for and repair registry errors repeatedly until it finds no more. Then reboot the computer, and run CyberDefender again. If it doesn't freeze up, open IE and download and install the latest Firefox, reboot, and run CyberDefeder one last time. If it doesn't freeze on round 2, I'd say you've nailed it.

 

[tech-chef]

Looks clean to me.

A quick search on "hkey_local_machine\software\classes\http\shell" reveals that it is related to your browser - I didn't dig much further than that.

I suggest that you uninstall Firefox and all other browsers you have besides IE. Then, after you've uninstalled them, download and run CCleaner, and scan for and repair registry errors repeatedly until it finds no more. Then reboot the computer, and run CyberDefender again. If it doesn't freeze up, open IE and download and install the latest Firefox, reboot, and run CyberDefeder one last time. If it doesn't freeze on round 2, I'd say you've nailed it.

thank you i will try all that an come back to tell you the results...

 

[G25r8cer]

I do not recommend using registry cleaners except for ccleaner. Registry cleaners tend to remove needed entries and can seriously mess up your system.

Other than that you look clean

 

[deanj20]

I do not recommend using registry cleaners except for ccleaner. Registry cleaners tend to remove needed entries and can seriously mess up your system.

True, that. Why do you feel the need to use CyberDefender anyway? Looks like you've already got AVG running (and eating up all of your memory too, BTW).

My advice would be to uninstall AVG Free completely, as well as CyberDefender. Then run CCleaner, scanning/fixing issues repeatedly until it finds no more. Then, download the latest AVG Free, but do not install all of the extras and do not allow it to run on start up.

I loves me some AVG, but it's a resource hog, especially since it's running in the background the whole time your computer is on, and then you've got the toolbar and however many related processes running.

I tell my clients to do this - when you download a file you're not 100% comfortable with, never choose "Run" - only "Save." When the download completes, choose "Open File Location" - then right click the download and choose "Scan with AVG".

Some will disagree, but I feel that this should be sufficient protection for most users from viruses. And no processes sucking up all your resources when you don't need them to!


[edit]
If you must have "real-time" protection, I recommend Microsoft Security Essentials. It's about time MS releases a quality free tool to protect its OS. :good:
[edit]

 

[tech-chef]

True, that. Why do you feel the need to use CyberDefender anyway? Looks like you've already got AVG running (and eating up all of your memory too, BTW).

My advice would be to uninstall AVG Free completely, as well as CyberDefender. Then run CCleaner, scanning/fixing issues repeatedly until it finds no more. Then, download the latest AVG Free, but do not install all of the extras and do not allow it to run on start up.

I loves me some AVG, but it's a resource hog, especially since it's running in the background the whole time your computer is on, and then you've got the toolbar and however many related processes running.

I tell my clients to do this - when you download a file you're not 100% comfortable with, never choose "Run" - only "Save." When the download completes, choose "Open File Location" - then right click the download and choose "Scan with AVG".

Some will disagree, but I feel that this should be sufficient protection for most users from viruses. And no processes sucking up all your resources when you don't need them to!


[edit]
If you must have "real-time" protection, I recommend Microsoft Security Essentials. It's about time MS releases a quality free tool to protect its OS. :good:
[edit]

Cyberdefender was something i bought when i was stupid. I have a contract with them and since i paid for it i figured i should use it but if you guys do not reccomend it i will uninstall it.

I do what you say about. I never choose run with downloads.i always save it and scan it first. I scan it with both AVG and Malware-bytes. The CCleaner removed alot of AVG files so i think that was part of my problem with it eating my memory.

My Issue is fixed though. I am so thankful that you guys helped me through it.

To be clear of what you guys are telling me:
Uninstall Cyberdefender
Uninstall AVG
Run CCleaner
Reinstall AVG with out extras.

Thanks tech-chef

So i should try Microsoft Security Essentials instead? I will try it but I am very weird about leaving the trusted Virus Protection. My internet company gave me CA and it ate so much of my memory it would take 2-5 minutes just to load! I got rid of it and my computer was fully loaded in about a minute.

Thanks again

 

[deanj20]

No, you can keep AVG if you want instead - don't use both. But I would ONLY use AVG (nothing else) and without all of the "bloat".

If you're worried about other malware, scan in safe mode using Malwarebytes Antimalware once a week/month/whatever.

Also, see my slow computer rant:

The first thing I would do is completely uninstall anything that says Norton or Symantec. It's a major resource hog. Follow the steps in this post, and we'll replace it with something equally effective and less demanding.

Next, run Malwarebyte's Antimalware in Safe Mode with Networking and remove anything it finds.

After that, download and install Piriform CCleaner. Run the program, and on the left hand side select Registry. Scan and Fix Issues. Continue scanning for/repairing issues until it doesn't find anymore.

Then, if you're like 90% of Windows users, you probably have a ton of extra programs starting up automatically when Windows starts up. You can disable unneeded processes from starting up by doing the following:
Go to Start-->Run-->type in 'msconfig' and hit <enter>

In the Startup tab, uncheck everything that you do not need running in the background at startup and click "Apply." Then, in the Services tab, check Hide All Microsoft
Services, uncheck everything that you do not need running in the background at startup and click "Apply." Restart the computer.

Next, download and run the executable for TrendMicro HijackThis!.
Press the button labeled "Open the Misc Tools Section". Then check both the check boxes next to the "Generate StartupList Log" button and click the button. Click the button to generate the list, save it and upload it as an attachment to your next post, and I or some other forum member will advise you on what else to disable, if anything.
Then run HijackThis! in normal mode and post your scan log here and we'll see if there's anything else that needs to be looked at.

Finally, you can install a free anti-virus to help keep you protected (these aren't nearly as taxing on your memory as Norton). I prefer AVG Free Edition, but I've heard good things about Microsoft Security Essentials as well. Avira AntiVir and Avast! are two more options. Please install one of these programs to help keep you virus free.

After you've done all of these things, please wait until the computer is idle (no programs loading/scanning/etc), and hit ctrl+alt+delete and make note of your CPU usage at the bottom of the popup window.

On your next post, please include both the HijackThis! Logs I've requested, your idle CPU usage, any steps you left out, the make/model of your computer, and let us know how your it is running now.

Good Luck!

 

[tech-chef]

No, you can keep AVG if you want instead - don't use both. But I would ONLY use AVG (nothing else) and without all of the "bloat".

If you're worried about other malware, scan in safe mode using Malwarebytes Antimalware once a week/month/whatever.

Also, see my slow computer rant:

OK. I will try the Microsoft but if i do not like it I am going back to AVG.

My next question is, Do I need Windows Powershell?
Thank You
tech-chef

 

[deanj20]

No. You do not need Windows Power Shell.

Did you disable all of the crap that was starting up automatically via msconfig? Also, after you get done uninstalling all of your old crap and installing Microsoft Security Essentials, run CCleaner again to remove registry errors.

 

[tech-chef]

No. You do not need Windows Power Shell.

Did you disable all of the crap that was starting up automatically via msconfig? Also, after you get done uninstalling all of your old crap and installing Microsoft Security Essentials, run CCleaner again to remove registry errors.

I not only disabled all that crap, I uninstalled just about everything i was not using. I switched to Microsoft Security Essentials. I Uninstalled CyberDefender. I have run CCleaner everyday now.

I am having an issue thats no biggy right now but its annoying. I wanted to uninstall Windows Live Messenger and Windows Live Call because I do not use them anymore, and when I go to Add/Remove Programs it does nothing when i click remove.(I know that i have to click WIndows Live Essentials to remove both) I tried using Revo Uninstaller and it trys to open the built in uninstall but nothing happens. On the following step it lists close to 10,000 files so I know all those files are not those 2 programs. Should I try and Reinstalling Windows Live Essentials then Uninstalling the files? Or........?

EDIT: The total number of files that REVO shows is 9235...sorry for the exaggeration.

 

[tech-chef]

I not only disabled all that crap, I uninstalled just about everything i was not using. I switched to Microsoft Security Essentials. I Uninstalled CyberDefender. I have run CCleaner everyday now.

I am having an issue thats no biggy right now but its annoying. I wanted to uninstall Windows Live Messenger and Windows Live Call because I do not use them anymore, and when I go to Add/Remove Programs it does nothing when i click remove.(I know that i have to click WIndows Live Essentials to remove both) I tried using Revo Uninstaller and it trys to open the built in uninstall but nothing happens. On the following step it lists close to 10,000 files so I know all those files are not those 2 programs. Should I try and Reinstalling Windows Live Essentials then Uninstalling the files? Or........?

EDIT: The total number of files that REVO shows is 9235...sorry for the exaggeration.

Ok Nevermind the Windows Live Essentials Issue. I found the solution online. I had to reinstall it and uninstall it. Stupid Right? lol. TY for all the help

 

[deanj20]

Also, for future reference - CCleaner can also uninstall programs. If you ever come across one that you cannot install, go into Program Files and find the programs folder and manually delete it. Delete any desktop and start menu shortcuts/folders too. Then run CCleaner and scan for/fix registry issues until it finds no more. I've had to do this more than a few times for programs whose uninstallers did not work.

 

[tech-chef]

Also, for future reference - CCleaner can also uninstall programs. If you ever come across one that you cannot install, go into Program Files and find the programs folder and manually delete it. Delete any desktop and start menu shortcuts/folders too. Then run CCleaner and scan for/fix registry issues until it finds no more. I've had to do this more than a few times for programs whose uninstallers did not work.

I tried that uninstaller too. Nothing was removing this. it was alot easier to reinstall it and then uninstall it. THank You though

 

[tech-chef]

I am someone who loves to give updates so here i go

Back when-I had to Do a Clean install of Windows XP- cause nothing else was working

I now swear by Microsoft security essentials (Thank You deanj20 for recommending it to me)
I canceled my contract with Cyber-defender and had the serial nulled.(that is the word they used not me)
and I ONLY use CCleaner in my computer.
It goes quicker then before at least.


So Thank You to Everyone who helped me

 

[ErikAlbert]

Back when-I had to Do a Clean install of Windows XP- cause nothing else was working

That is usually the final solution for users with a weak security. I've done it myself many times, to get rid of ALL my problems, when I was less knowledgeable.
Needing a fresh install is indeed "Having Small Issue".
I hope you took at least a backup of this fresh install to make a restore possible, when another serious problem(s) occurs in order to get back in business without losing much time.

I now swear by Microsoft security essentials
I canceled my contract with Cyber-defender and had the serial nulled.
and I ONLY use CCleaner in my computer.
It goes quicker then before at least.

This won't change anything in your security, it's still too weak, maybe less weaker or the same or worse, it's unpredictable.
BUT it's a new combination, which gives new hope and it runs quicker, which means that the next malware will run quicker too. Good luck !!!

 

[tech-chef]

That is usually the final solution for users with a weak security. I've done it myself many times, to get rid of ALL my problems, when I was less knowledgeable.
Needing a fresh install is indeed "Having Small Issue".
I hope you took at least a backup of this fresh install to make a restore possible, when another serious problem(s) occurs in order to get back in business without losing much time.


This won't change anything in your security, it's still too weak, maybe less weaker or the same or worse, it's unpredictable.
BUT it's a new combination, which gives new hope and it runs quicker, which means that the next malware will run quicker too. Good luck !!!

I usually do not have issues with my computer-that is the thing-I have not done a fresh install on a computer since-and i have one that is OLD (6 years) That has YET to have a clean install done. Its just The Luck I guess